Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
General
Off-Topic
Quick DHCP/Static IP Question
vistalavista
Hey guys,
Just wondering if someone would be able to help me with a situation:
There's a specific ip address set as static ip address somewhere. It wasn't signed out by DHCP or reserved. I found through tracert the name of the device and I can ping it but have no idea what it is. At this point, I'm thinking it's a device we shouldn't have on our network (from the name). How can I block it (through DHCP or otherwise) from using that ip?
Thanks
Find more posts tagged with
Comments
joelsfood
Disable the port that the nic is on. YOu can also put a static invalid arp entry on the gateway to keep the device from using your internet connection
If you ahve the mac address, you can look up the first six digits to determine the manufacturer.
gorebrush
Yeah, you should be able to find the MAC address and drop the port. Whoever has that device will soon complain when it doesn't work anymore
Heero
Find the mac address through ARP tables, track down the switchport with the mac address. Turn off the switchport. Wait for someone to call you.
santaowns
The above will work. Do keep in mind most users don't know how to make their ip static. It is an advanced user or possibly a server. Try to rdp to the device or putty to it. Also can try going to the ip in in any browser to see if it's hosting a site.
joelsfood
Identification from mac/IP:
nbtstat -a (works on Windows servers)
coffer.com/mac_find (gives you a clue to hardware manufacturer)
nmap (can give you a clue to OS)
http/https (can give you a clue to os/device) <- this one can be a bit tricky. If you're really persistent, you might need to use telnet to port 80 and a get, then page up. You can find things like networked door locks that use JSON/etc but don't present a regular browsable site
telnet/ssh/ftp (banners can give you a clue)
Cisco L2 traceroute to find port: If you know the mac, and want to find port across multipe switches, don't use traceroute per the docs. Instead, use it as such (example suspect mac 01:23:45:67:89:00)
traceroute mac 01:23:45:67:89:00 01:23:45:67:89:00
Standard method requires you to know vlan to ensure it works, and provide source in that vlan. Using the suspect mac as source and destination will tell you switch and port, even if you don't know what vlan it's on. Comes in really handy with networks with 200 or more switches
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
